ECE 590: Generative AI: Foundations, Applications, and Safety (Spring 2026)

---

Instructor

Neil Gong, [email protected]

Teaching Assistant

Reachal Wang, [email protected]
Jason Wang, [email protected]

Lectures

Time: MoWe 3:05PM - 4:20PM.
Location: Teer 203

Office Hours

Time: Wed. 11:00AM - 11:50AM.
Location: 413 Wilkinson Building

Tentative Schedule

01/07    Overview [PDF]

01/12    Transformer

• Attention Is All You Need

01/14    LLM pre-training and post-training

• Fine-Tuning Language Models from Human Preferences
• Direct Preference Optimization: Your Language Model is Secretly a Reward Model
• Optional: DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning

01/19    Holiday. No class

01/21    LLM agent

• Chain-of-Thought Prompting Elicits Reasoning in Large Language Models
• ReAct: Synergizing Reasoning and Acting in Language Models

01/26    Prompt injection attacks

• Formalizing and Benchmarking Prompt Injection Attacks and Defenses

01/28    Fine-tuning LLMs to be secure against prompt injection attacks

• StruQ: Defending Against Prompt Injection with Structured Queries
• SecAlign: Defending Against Prompt Injection with Preference Optimization
• Optional: Meta SecAlign: A Secure Foundation LLM Against Prompt Injection Attacks

02/02    Detecting and localizing prompt injection attacks

• DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks
• PromptLocate: Localizing Prompt Injection Attacks

02/04    Adaptive prompt injection attacks

• The Attacker Moves Second: Stronger Adaptive Attacks Bypass Defenses Against Llm Jailbreaks and Prompt Injections
• Optional: A Critical Evaluation of Defenses against Prompt Injection Attacks

02/09    Jailbreak attacks to LLM

• Universal and Transferable Adversarial Attacks on Aligned Language Models
• Tree of Attacks: Jailbreaking Black-Box LLMs Automatically
• Optional: Jailbreaking Black Box Large Language Models in Twenty Queries

02/11    Defenses against jailbreak attacks

• Safety Alignment Should Be Made More Than Just a Few Tokens Deep
• Optional: Baseline Defenses for Adversarial Attacks Against Aligned Language Models
• Optional: SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding

02/16    AI-generated text detection: passive detectors

• DetectGPT: Zero-Shot Machine-Generated Text Detection using Probability Curvature

02/18    AI-generated text detection: watermarks

• A Watermark for Large Language Models
• Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
• Optional: Scalable watermarking for identifying large language model outputs

02/23    Robustness of AI-generated text detectors

• Paraphrasing evades detectors of AI-generated text, but retrieval is an effective defense

02/25    VAE, Dino, and CLIP

• Learning Transferable Visual Models From Natural Language Supervision
• Auto-Encoding Variational Bayes
• Optional: DINOv3

03/02    Image generation

• High-Resolution Image Synthesis with Latent Diffusion Models
• Classifier-Free Diffusion Guidance
• Optional: Visual Autoregressive Modeling: Scalable Image Generation via Next-Scale Prediction
• Optional: Imagic: Text-Based Real Image Editing with Diffusion Models

03/04    Safety guardrails for image generation models

• Erasing Concepts from Diffusion Models
• SafeGen: Mitigating Sexually Explicit Content Generation in Text-to-Image Models
• Optional: Safe Latent Diffusion: Mitigating Inappropriate Degeneration in Diffusion Models

03/09    Spring recess

03/11    Spring recess

03/16    Jailbreaking safety guardrails of image generation models

• SneakyPrompt: Jailbreaking Text-to-image Generative Models
• Ring-A-Bell! How Reliable are Concept Removal Methods for Diffusion Models?

03/18    AI-generated image detection: passive methods

• Towards Universal Fake Image Detectors that Generalize Across Generative Models
• Leveraging Frequency Analysis for Deep Fake Image Recognition

03/23    AI-generated image detection: watermarks

• HiDDeN: Hiding Data With Deep Networks
• Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust
• Optional: The Stable Signature: Rooting Watermarks in Latent Diffusion Models
• Optional: Watermark-based Attribution of AI-Generated Content

03/25    Robustness of AI-generated image detectors

• Towards Deep Learning Models Resistant to Adversarial Attacks
• Evading Watermark based Detection of AI-Generated Content
• Optional: A Transfer Attack to Image Watermarks

03/30    Data-use auditing: passive methods

• Membership Inference Attacks against Machine Learning Models
• Detecting Pretraining Data from Large Language Models
• Optional: Membership Inference Attacks From First Principles

04/01    Data-use auditing: proactive methods

• A General Framework for Data-Use Auditing of ML Models
• Optional: Radioactive data: tracing through training

04/06    Audio generation and safety issues

• Audioldm: Text-to-audio generation with latent diffusion models
• Optional: Proactive Detection of Voice Cloning with Localized Watermarking

04/08    Video generation and safety issues

• Make-a-video: Text-to-video generation without text-video data
• Make it move: controllable image-to-video generation with text descriptions
• Optional: DVMark: a deep multiscale framework for video watermarking

04/13    Project presentation

04/15    Project presentation

Prerequisite

ECE 580 or 687D or Computer Science 371 or graduate standing.

Course Description

Generative AI is revolutionizing content creation by enabling machines to generate text, images, videos, music, and even code. In this course, we will discuss foundations, applications, and safety and security of generative AI.

Class Format

The class is structured around paper reading, lectures, discussions, and projects. Each lecture will focus on a specific topic, with students expected to read the suggested papers and submit their comments to a designated email address by the end of the day before the lecture. Students will be required to lead a lecture on a chosen topic, complete a class project, present their project, and write a project report. Groups of up to four students can be formed for both the lecture and the class project.

Deadlines

Reading assignments

• Sunday and Tuesday 11:59pm. Send comments to [email protected]. Please send your comments to all papers in a single email thread. Disclose any LLM use when sending comments.

Choosing a topic for lecture

• A group sends three preferred dates to [email protected] by 11:59pm, 01/25. Only one group member sends the email on behalf of the group. Please indicate your group members in the email.

Class project

• 02/01: project proposal due.
• 03/15: milestone report due.
• 04/13, 04/15: project presentation.
• 04/26: final project report due.

Grading Policy

50% project
25% reading assignment
10% class participation
15% class presentation